bfeaf1fe93923425053e245e2ccefae72a65f75edad1f1689c55c4f0a1e84455 | Triage

Sharing

General

Target

PyHelper.dll
Size

236KB
Sample

240511-mrjw9sch8v
MD5

b7bd2243978cfe44cc0d4b28086c4004
SHA1

bbc0f43de71cddc0a1be48fa98b936ebffb817ac
SHA256

bfeaf1fe93923425053e245e2ccefae72a65f75edad1f1689c55c4f0a1e84455
SHA512

e7f924564bcf1a6173cf29bbbcb16994b3e527a93c1059e7be8e86aa5f5887a852a6a9084862caf3e192a5a70336e6ee22bc169c1f1e0300fa72bb9049a0141f
SSDEEP

3072:aSro30CSFTVOo7qzijtY7HBGsBel05YGoAgbceBBCxRXu+E+NO9o6Kgv:akoELH7k8tY7HkLljr1CTbE55

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  PyHelper.dll
- Size
  
  236KB
- MD5
  
  b7bd2243978cfe44cc0d4b28086c4004
- SHA1
  
  bbc0f43de71cddc0a1be48fa98b936ebffb817ac
- SHA256
  
  bfeaf1fe93923425053e245e2ccefae72a65f75edad1f1689c55c4f0a1e84455
- SHA512
  
  e7f924564bcf1a6173cf29bbbcb16994b3e527a93c1059e7be8e86aa5f5887a852a6a9084862caf3e192a5a70336e6ee22bc169c1f1e0300fa72bb9049a0141f
- SSDEEP
  
  3072:aSro30CSFTVOo7qzijtY7HBGsBel05YGoAgbceBBCxRXu+E+NO9o6Kgv:akoELH7k8tY7HkLljr1CTbE55
Score

8^/10

execution persistence
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionpersistence

behavioral2

behavioral3

executionpersistence

behavioral4

executionpersistence